CyberNews Briefs

Vulnerability found in WordPress plugin with over 3 million installations

Cybersecurity researchers at Wordfence have warned of a vulnerability in a WordPress plugin that reportedly has over 3 million installations. The vulnerability was first discovered by security researcher Marc Montpas. Wordfence released a blog post explaining the vulnerability and how it allows any logged-in user, including subscribers, to download backups that were made with the plugin. This poses a serious threat to organizations, as backups often contain a large amount of sensitive information. Some backups also include configuration files that could be used to launch additional attacks, such as accessing the site database, and some include the contents of the database itself.

In addition, the researchers who examined the patch were able to provide a proof of concept. Wordfence stated that an attacker seeking to exploit the vulnerability would need to begin their attack while a backup was in progress. Therefore, the attacker would need to guess the appropriate timestamp to download a backup. Regardless, the vulnerability is a threat to customers’ and organizations’ security and data privacy. UpdraftPlus, the vendor that produces the plugin, released a patch on Thursday and urged its users to implement the fix.


OODA Analyst
